One is a campaign that presents a malicious URL. The other uses its victim's machine to mine Bitcoins. Both are serious, but the second attack is getting major media attention.

Dmitry Bestuzhev, a Kaspersky Lab expert, on Thursday pointed out an infection vector via social engineering that's abusing infected Skype accounts by massively sending messages to contacts, with a link to a photo and the sentence, "I don't think I will ever sleep again after seeing this photo."

A Slave to Bitcoin

"Goo.gl short URL service shows that at the moment there are more than 170k clicks on the malicious URL and only 1 hour ago there were around 160k clicks," Bestuzhev said. "It means the campaign is quite active with around 10k clicks per hour or with 2.7 clicks per second!"

But most of the victims are from Russia and the Ukraine so far. Hours later, Bestuzhev turned his focus to the Bitcoin malware that's trending in Google News. He said it's a similar campaign in terms of propagation but different in terms of origins and purposes. Average clicking is also high, with more than 2,000 clicks per hour. Most of the potential victims live in Italy, followed by Russia, Poland, Costa Rica, Spain, Germany and Ukraine.

"Once the machine is infected it drops to the system many other pieces of malware. Downloads come from the Hotfile.com service. At the same time the malware connects to its C2 server located in Germany," Bestuzhev wrote in a blog post. "So what does malware do? To be honest many things but one of the most interesting is it turns the infected machine to a slave of the Bitcoin generator. The usage of CPU grows up significantly."

Cyber Economics

Alex Horan, a senior product manager at Core Security, said this is simple economics: How much does it cost to rent a large group of machines from a botnet herder? And how much money can I make in that period of time via Bitcoin? If the amount of money to be made is higher than the money to be spent, he said, then you are in business.

"I think some people overthink the motivation and actions of 'bad guys.' Yes, there are absolutely skilled people doing this type of activity explicitly on behalf of their nation or government -- or without explicit instructions, but with patriotic zeal," Horan told us. "But there are a lot more people just out there to make a buck. And if the scam du jour is Bitcoin harvesting via compromised machines then you can expect to see a lot of people -- of varying skill levels -- trying this out."

So how do you stop this? Horan said you can stop Bitcoin the same way you stop most other crimes -- stop it from being profitable.

"If paper money was so simple that you could not tell the difference between a photocopied note and a real one, a lot more people would be photocopying money," he said. "But creating passable counterfeit money requires a significant investment. Bitcoin needs to create some kind of equivalent, some way to distinguish between the actions of a machine that is being enslaved into work vs. those machines that have actively chosen to participate."